diff options
author | Nick Mathewson <nickm@torproject.org> | 2016-08-30 09:00:34 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2016-11-03 08:37:22 -0400 |
commit | 0704fa8a63c2e203162c359e184e63b10c45630c (patch) | |
tree | 3cee5bf6aaabf9178cf3d6ddfe1a3579e32ac466 /src/or | |
parent | fae7060aea5c562fc59e7089b6a3459a5718b2d0 (diff) | |
download | tor-0704fa8a63c2e203162c359e184e63b10c45630c.tar.gz tor-0704fa8a63c2e203162c359e184e63b10c45630c.zip |
Handle u32 overflow in ed25519 cert expiration time.
The impact here isn't too bad. First, the only affected certs that
expire after 32-bit signed time overflows in Y2038. Second, it could
only make it seem that a non-expired cert is expired: it could never
make it seem that an expired cert was still live.
Fixes bug 20027; bugfix on 0.2.7.2-alpha.
Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/torcert.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/or/torcert.c b/src/or/torcert.c index 2629155477..ef7775eb9e 100644 --- a/src/or/torcert.c +++ b/src/or/torcert.c @@ -139,7 +139,11 @@ tor_cert_parse(const uint8_t *encoded, const size_t len) cert->encoded_len = len; memcpy(cert->signed_key.pubkey, parsed->certified_key, 32); - cert->valid_until = parsed->exp_field * 3600; + const int64_t valid_until_64 = ((int64_t)parsed->exp_field) * 3600; + if (valid_until_64 > TIME_MAX) + cert->valid_until = TIME_MAX - 1; + else + cert->valid_until = (time_t) valid_until_64; cert->cert_type = parsed->cert_type; for (unsigned i = 0; i < ed25519_cert_getlen_ext(parsed); ++i) { |